From ba9c727e94a6d26fd9c93c10759872310bd5e6f1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 30 Oct 2021 11:54:10 +0800 Subject: [PATCH] fix memory leak issue Signed-off-by: Jerry Yu --- library/ssl_tls.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c5079508ee..1929d8b3ee 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5477,8 +5477,15 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) psa_destroy_key( handshake->ecdh_psa_privkey ); #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_platform_zeroize( handshake, - sizeof( mbedtls_ssl_handshake_params ) ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_transform_free(handshake->transform_handshake); + mbedtls_ssl_transform_free(handshake->transform_earlydata); + mbedtls_free( handshake->transform_earlydata ); + mbedtls_free( handshake->transform_handshake ); + handshake->transform_earlydata = NULL; + handshake->transform_handshake = NULL; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* If the buffers are too big - reallocate. Because of the way Mbed TLS @@ -5489,12 +5496,9 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_ssl_get_output_buflen( ssl ) ); #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - mbedtls_free( handshake->transform_earlydata ); - mbedtls_free( handshake->transform_handshake ); - handshake->transform_earlydata = NULL; - handshake->transform_handshake = NULL; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* mbedtls_platform_zeroize MUST be last one in this function */ + mbedtls_platform_zeroize( handshake, + sizeof( mbedtls_ssl_handshake_params ) ); } void mbedtls_ssl_session_free( mbedtls_ssl_session *session )